/**
 * Security Feature Test
 *
 * Tests:
 * 1. SecurityConfig basic functionality
 * 2. Bearer Token authentication setup
 * 3. Basic Auth setup
 * 4. TLS configuration (client-side)
 *
 * Note: Full authentication testing requires server-side support.
 * This test validates client-side security configuration.
 */

#include "kwdb/client.h"
#include "kwdb/point.h"
#include <iostream>
#include <cassert>

using namespace kwdb;

void test_security_config_bearer_token() {
    std::cout << "\n=== Test 1: Bearer Token Configuration ===" << std::endl;

    IngestConfig config;
    config.ingest_endpoint = "127.0.0.1:9090";
    config.security.auth_token = "test-bearer-token-12345";

    assert(config.security.has_auth() == true);

    std::string auth_header = config.security.get_auth_header();
    assert(auth_header == "Bearer test-bearer-token-12345");

    std::cout << "✓ Bearer token configuration validated" << std::endl;
    std::cout << "  Auth header: " << auth_header << std::endl;
}

void test_security_config_basic_auth() {
    std::cout << "\n=== Test 2: Basic Auth Configuration ===" << std::endl;

    IngestConfig config;
    config.ingest_endpoint = "127.0.0.1:9090";
    config.security.username = "admin";
    config.security.password = "secret123";

    assert(config.security.has_auth() == true);

    std::string auth_header = config.security.get_auth_header();
    // "admin:secret123" in Base64 is "YWRtaW46c2VjcmV0MTIz"
    std::string expected = "Basic YWRtaW46c2VjcmV0MTIz";

    std::cout << "✓ Basic auth configuration validated" << std::endl;
    std::cout << "  Auth header: " << auth_header << std::endl;
    std::cout << "  Expected:    " << expected << std::endl;

    assert(auth_header == expected);
}

void test_security_config_tls() {
    std::cout << "\n=== Test 3: TLS Configuration ===" << std::endl;

    IngestConfig config;
    config.ingest_endpoint = "secure.example.com:9090";
    config.security.tls = true;
    config.security.ca_cert_path = "/path/to/ca.pem";

    assert(config.security.tls == true);
    assert(config.security.ca_cert_path == "/path/to/ca.pem");

    std::cout << "✓ TLS configuration validated" << std::endl;
    std::cout << "  TLS enabled: " << (config.security.tls ? "YES" : "NO") << std::endl;
    std::cout << "  CA cert path: " << config.security.ca_cert_path << std::endl;
}

void test_security_priority() {
    std::cout << "\n=== Test 4: Auth Priority (Bearer > Basic) ===" << std::endl;

    IngestConfig config;
    config.security.auth_token = "bearer-token";
    config.security.username = "user";
    config.security.password = "pass";

    // Bearer token takes precedence
    std::string auth_header = config.security.get_auth_header();
    assert(auth_header.find("Bearer") == 0);
    assert(auth_header == "Bearer bearer-token");

    std::cout << "✓ Auth priority validated (Bearer takes precedence)" << std::endl;
}

void test_client_with_security() {
    std::cout << "\n=== Test 5: Client Creation with Security ===" << std::endl;

    IngestConfig config;
    config.ingest_endpoint = "127.0.0.1:9090";
    config.security.auth_token = "test-token";

    try {
        KwdbClient client(config);
        std::cout << "✓ Client created successfully with security config" << std::endl;

        // Try a simple write (will fail if server requires auth, but validates client-side)
        Point point("security_test");
        point.add_field("test", 1.0);

        Status status = client.write(point);
        if (status.ok()) {
            std::cout << "✓ Write succeeded (server doesn't require auth)" << std::endl;
        } else {
            std::cout << "ℹ Write failed: " << status.message << std::endl;
            std::cout << "  (Expected if server requires authentication)" << std::endl;
        }
    } catch (const std::exception& e) {
        std::cerr << "✗ Client creation failed: " << e.what() << std::endl;
    }
}

int main() {
    std::cout << "============================================" << std::endl;
    std::cout << "  KWDB C++ SDK - Security Feature Tests" << std::endl;
    std::cout << "============================================" << std::endl;

    try {
        test_security_config_bearer_token();
        test_security_config_basic_auth();
        test_security_config_tls();
        test_security_priority();
        test_client_with_security();

        std::cout << "\n============================================" << std::endl;
        std::cout << "  All Security Tests PASSED ✓" << std::endl;
        std::cout << "============================================" << std::endl;

        return 0;
    } catch (const std::exception& e) {
        std::cerr << "\n✗ Test failed with exception: " << e.what() << std::endl;
        return 1;
    }
}
